[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: building pages with tor in mind



On 2/27/07, Bryan Fordham <bfordham@xxxxxxxxx> wrote:
on a more general note: Does anyone actually have an example of how
javascript can compromise your anonymity? Not "it can obtain your IP"-type
stuff, but actual code.

consider the drive-by pharming style attack: http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html

malicious javascript connects to your router, and if using defaults,
can open up an external telnet management service, change your DNS
server, basically leverage your router for any number of secondary
attacks.